In the third part of this Kerberos series, we focused on leveraging user credential material for impersonation through techniques such as Pass-the-Key/Ticket/Cache/Certificate, and Shadow Credentials. Additionally, we explored how to manage and forge Kerberos tickets to facilitate lateral movement, privilege escalation, and establish persistence within the domain.

The goal of this post, whether we are adversaries or defenders, is to help us understand the multiple ways that Kerberos offers to access resources using the credential material gathered.

In this part of the series, we will focus on Credential Access and the attacks that Kerberos can facilitate.

This post, is the first in the series and will aim to provide an overview of the protocol, from its beginnings to the different (ab)use techniques.